Discover our services

Social Engineering

We are able to carry out a range of social engineering tests:

Retrieval of information from public sources (addresses, names, duties of collaborators)

Targeted phone calls using various pretexts to extract information or find ways to gain access

A "Spear phishing" scenario based on an e-mail campaign and the use of specific infrastructure

Physical penetration attempt based on realistic attack scenarios

The purpose of these tests is to involve all members of your teams (and anyone that has some level of internal access) in the protection of your assets, and to make them aware of threats such as a phishing attempt by email or phone.

1. Data collection from open sources

The aim of this is to collect the maximum amount of information about your organisation through public sources, including social networks, search engines, forums or other informative sites.

This information, which is sometimes confidential, will make it possible to refine our approach for the next phases, and often includes:

Key Functions, Organisational Chart

Passwords, keys

Technical information: technology or internal project names

2. E-mail campaigns/phishing attacks

Two approaches can be employed during a phishing campaign, targeting users through e-mail contact:

We build a fake site, also known as "watering hole" and launch an e-mail campaign that encourages your employees to visit this site. This site replicates an existing site regularly used by staff (e.g. human resources management application) except that it registers both the user identification and password and passes it on to the attacker.

We can also send an e-mail containing a malicious attachment. Once the file is executed and conditions are suitable, we will be able to take remote control of the victim's workstation and thus have access to the internal resources of the company.

3. Physical penetration simulation

A physical penetration simulation involves finding a range of inconspicuous ways to enter the target premises.

Before starting this phase, we will define our goal with you. Common goals may include reaching the server room or the office of a director, for example.

This will allow us to evaluate the success of the simulation, but also to find out the extent to which an attacker could gain access, and what impact an actual penetration attempt of this type could have on your business.

Red Team Services

Red Team missions employ real and efficient attack strategies on your infrastructure with the aim of finding a way to compromise it.

The most realistic attack simulation

This full-scale exercise aims to find a way to penetrate your internal network in order to extract real data while avoiding detection.

A flexible approach

We conduct Red Team missions to assess the efficiency of your defences against a real attack, but also to test security levels across the departments of your organisation. Tests can be carried out remotely or on-site, depending on the target and methodology chosen.

External surface attack

Each exposed and connected surface to your internal infrastructure is subject to an intrusion attempt, by utilising data about your organisation that can be found from open sources (OSINT).

Phishing attack

This is an approach targeting your employees in order to establish an anchor point, permitting access to your network.

Physical intrusion

A red team physical intrusion could take the form of an anonymous box being deposited on or near your property, acting as a bridge between your internal network and the attacking network.

Intrusion from a wireless network

All Wi-Fi networks are a potential entrance point to your internal networks. These can also be compromised.

Test Reports

Our reports are much more than a simple list of vulnerabilities generated with an automated tool. From the methodology and strategies employed to the traces of information, our reports provide as much information as possible, enabling your teams to understand and replicate the exploitation or verification of all identified vulnerabilities.

Norton seals are viewed more than half a billion times a day on more than 100,000 websites in 170 countries and in search results on enabled browsers, as well as partner shopping sites and product review pages. When website visitors see the Norton Trust Seal, they are less likely to abandon a transaction and more likely to do business with you online.